#!/bin/sh
#

net1=192.168.1.0
net2=192.168.3.0
gw1=192.168.2.103
gw2=192.168.2.100
hmask=255.255.255.255
nmask=255.255.255.0

depmod -a
modprobe ipsec

tncfg attach ipsec0 eth1
ifconfig ipsec0 $gw1 

#
# Transport mode
#
route del $gw2
route add -host $gw2 dev ipsec0
#
addrt $gw1 $hmask \
		$gw2 $hmask \
		$gw2 135
setsa $gw2 135 esp 3des-md5-96 i \
		1000000000000001 6630663066303133
setsa $gw1 125 esp 3des-md5-96 r \
		1000000000000001 6630663066303132

#
# Tunnel mode
#
route del $net2
route add -net $net2 dev ipsec0 gw $gw2
#
# forward path
#
addrt $net1 $nmask \
		$net2 $nmask \
		$gw2 113
echo sleeping after addrt
sleep 1
#
setsa $gw2 113 ip4 \
		$gw1 $gw2
setsa $gw2 115 esp des-cbc 66306630 6630663066303132
setsa $gw2 116 ah md5 66306630663031326630663066303132
#
spigrp $gw2 113 \
		$gw2 115 \
		$gw2 116
#
# return path
#
setsa $gw1 105 esp des-cbc 66306630 6630663066303132
setsa $gw1 106 ah md5 66306630663031326630663066303132

cat /proc/net/ipsec-spi
echo
cat /proc/net/ipsec-route
